Who should we hire to secure our network in NoVA?
December 27, 2006 12:29 PM Subscribe
Network Security: I'm looking for recommendations for an individual or company that can come check out our network and make sure it's secure. In Sterling, VA (NoVA/DC).
My dad's small business has had a secure non-wireless network setup in our warehouse for a few years. Recently, we've noticed some weird activity in our firewall and anti-virus logs. To our untrained eyes, it looks like a competitor is trying to load Trojans onto our computers. The firewall seems to be blocking them. This is good. But we want to be extra-cautious. I hate Geek Squad, the guy who originally set up the network moved away, craigslist has proven quite useless and my Google-fu seems to be failing me. Besides, recommendations would be better, I think. Can you vouch for anyone's expertise and trustworthiness?
My dad's small business has had a secure non-wireless network setup in our warehouse for a few years. Recently, we've noticed some weird activity in our firewall and anti-virus logs. To our untrained eyes, it looks like a competitor is trying to load Trojans onto our computers. The firewall seems to be blocking them. This is good. But we want to be extra-cautious. I hate Geek Squad, the guy who originally set up the network moved away, craigslist has proven quite useless and my Google-fu seems to be failing me. Besides, recommendations would be better, I think. Can you vouch for anyone's expertise and trustworthiness?
Sign up to the Security Focus Pen-Test mailing list. There are many security professionals who specialize in this sort of work who read this list and will most likely be able to recommend someone appropriate for your needs. Re-post this question there, with perhaps a bit more detail, including a brief rundown on your IT infrastructure, (Systems, Applications, etc). Also include, in general what you want done. If you'd like it to be on-site, make sure you include your location. If you want something more than some basic packet analysis and an answer to the question "is a human attacker actively attempting to penetrate my network" be prepared to pay a bit of money.
If you want dirt simple/cheap, setup Wireshark (Ethereal) on your border gateway and start scanning, as SirStan recommends. The logs will probably contain confidential information, so don't post them publicly. Maybe a kind soul will take a look at them for you.
posted by WetherMan at 1:23 PM on December 27, 2006
If you want dirt simple/cheap, setup Wireshark (Ethereal) on your border gateway and start scanning, as SirStan recommends. The logs will probably contain confidential information, so don't post them publicly. Maybe a kind soul will take a look at them for you.
posted by WetherMan at 1:23 PM on December 27, 2006
If you want a serious firm, give Neohapsis a call.
You didn't really consider asking the Geek Squad to take a look at your network security, did you?
posted by cmonkey at 2:25 PM on December 27, 2006
You didn't really consider asking the Geek Squad to take a look at your network security, did you?
posted by cmonkey at 2:25 PM on December 27, 2006
Neohapsis has very good people, I've worked with them a time or two some years ago (I'd offer myself but it's a little far for me plus I'm not strictly in the field anymore, not 100% in practice these days). If they think they're not right for the job they'd certainly be willing to point you in the direction of an independant consultant who is.
posted by scalefree at 3:05 PM on December 27, 2006
posted by scalefree at 3:05 PM on December 27, 2006
TruSecure/Cybertrust is operated out of Herndon VA. Not sure how expensive they are. www.trusecure.com. I work in the same building as them, and they have some heavy-duty geeks working there.
posted by BigVACub at 5:12 PM on December 27, 2006
posted by BigVACub at 5:12 PM on December 27, 2006
ISS is one of the 400 lb. gorrillas in network security. They have a good spread of products, plenty of people (including "white hats" on staff, and go to some lengths to remain on speaking terms with "grey hats," and "black hats"), and the flexibility/resources to tackle most any network security issue. But as a small business, your problem in dealing with a company such as ISS may be less in running their intrusion detection products, and implementing their recommendations, than in affording their products and services, and navigating their organization. Still, if you have specific concerns, and at least as definable a focus as you've laid out in your question, a phone conversation with them may result in a practical short term plan, at minimal cost, and a connection for far heavier duty services, if it turns out you need them. If the situation points to criminal issues, I think you'll find that the reaction of law enforcement people to learning you've engaged ISS is quite positive.
If you've got a problem, ISS can put the resources on the case to find out, and fix it. Their professional services group is as good as any in the business, and if you want a Tiger Team effort run, ISS is one of the few firms on the planet that can do this to credible standards. They can scan your firewall, assess your network, go through your garbage, and trick your employees. The report you get from their Penetration Testing group is likely to be humbling (if you think you have good security and loyal employees), but illuminating.
If your business is at risk, contact ISS.
I am not a shareholder, employee, customer, or otherwise beneficial stakeholder of ISS, nor have I been in the past, nor am I likely to be in the future. But I have seen them work.
posted by paulsc at 9:10 PM on December 27, 2006
If you've got a problem, ISS can put the resources on the case to find out, and fix it. Their professional services group is as good as any in the business, and if you want a Tiger Team effort run, ISS is one of the few firms on the planet that can do this to credible standards. They can scan your firewall, assess your network, go through your garbage, and trick your employees. The report you get from their Penetration Testing group is likely to be humbling (if you think you have good security and loyal employees), but illuminating.
If your business is at risk, contact ISS.
I am not a shareholder, employee, customer, or otherwise beneficial stakeholder of ISS, nor have I been in the past, nor am I likely to be in the future. But I have seen them work.
posted by paulsc at 9:10 PM on December 27, 2006
Response by poster: Thanks for all the great advice. As some of you mentioned, a lot of the really good options might be out of the practical budget for a small business, but this is definitely not a situation that we want to mess around with. I'll explain the options to my dad and see what we can figure out. I really appreciate all the help. Please feel free to keep commenting if you have more suggestions.
Geek Squad was my dad's suggestion. I told him it was out of the question. Thanks for backing up what was really just a gut feeling.
posted by sa3z at 7:06 AM on December 28, 2006
Geek Squad was my dad's suggestion. I told him it was out of the question. Thanks for backing up what was really just a gut feeling.
posted by sa3z at 7:06 AM on December 28, 2006
You can drop me an email if you like; I'm just down the street and I can put you in touch with a few people who would be willing to take a small side job like this. You'll have to talk with them about exactly what your goals are here, however. Do you want to make sure no baddies got in? Identify the source of the icky? Analyze the logs for more certainty of what happened?
If the idea was rolling around in your head, let me tell you this from my personal experience in the field: the chances you're going to get law enforcement to pay the slightest bit of attention to an attempted unsuccessful penetration are effectively nil.
posted by phearlez at 8:04 AM on December 28, 2006
If the idea was rolling around in your head, let me tell you this from my personal experience in the field: the chances you're going to get law enforcement to pay the slightest bit of attention to an attempted unsuccessful penetration are effectively nil.
posted by phearlez at 8:04 AM on December 28, 2006
I have issues with ISS in general but in any event their offerings just aren't scaled for your class of business. An option that just occurred to me is to get in touch with the local security practitioner's user group NoVASEC. It's kind of like 2600 meetings for adults. They'll definitely be able to hook you up with someone of high quality & reputation within your price range.
posted by scalefree at 1:03 PM on December 28, 2006
posted by scalefree at 1:03 PM on December 28, 2006
This thread is closed to new comments.
A true good penetration test will run you a couple grand.
posted by SirStan at 1:03 PM on December 27, 2006